Two-step verification

What is two-step verification for Hushmail?

Two-step verification is a simple feature that asks for more than just your passphrase to sign in to your account from a device that we don’t recognize. It prevents unauthorized access to your Hushmail account by using a 2-stage process to authenticate your identity. The first step is to sign in using your username and passphrase and the second step is entering a verification code that we’ll send by text message to your mobile phone or to an alternate email address. You can also obtain a verification code using a smartphone app.

Why should I start using two-step verification?

Two-step verification is a new optional security feature for your Hushmail account that reduces the risk of a compromised passphrase being abused. It adds an extra layer of security that ensures an attacker will not be able to sign in from an unregistered device using your passphrase without also providing a verification code.

How do I turn two-step verification on?

1. Sign in to your Hushmail account

2. Go to the Preferences page by clicking the link in the upper right corner:

3. Select the Security tab:

4. To get started, click on the pencil icon to turn it on:

5. Follow the on-screen instructions.

Two-step verification is enabled now. How does it work?

The first time you sign in to your account after turning two-step verification on, you will be asked to enter a verification code, which will be sent via your method of choice. Once you enter the code, the device will be registered. Be mindful of the device you use, as it will now be a trusted device and in the future you will only use your passphrase to sign in when using that device. Any time you sign in from a device that isn’t trusted, you will be prompted to enter a new verification code to register that device, so that we recognize it in the future.

What if I don’t have my phone with me and I can’t access my alternate email address to receive the verification code?

When you turn on two-step verification, you also receive a backup verification code. We recommend you write it down and keep it in a safe place. You can use this backup verification code to gain access to your Hushmail account in case you have no means of receiving your verification code through your mobile phone or your alternate email address.

If you haven’t written down your backup verification code yet, you can find it again by going to the Security tab within the Preferences page. We strongly recommend keep your backup code safe and accessible, because if you ever lose access to your passphrase, your trusted devices, access to your alternate email address and to your backup verification code, you will be locked out of your Hushmail account.

Can I turn two-step verification off?

Yes. If you no longer want to use two-step verification, go back to the Security tab on the Preferences page and select the pencil icon in the Two-step verification field and select Off from the drop-down menu. Once you do this, your list of trusted devices will be deleted and if you ever turn two-step verification again, you will have to register your devices again.